As companies are becoming more educated about cyber crimes and cyber liability, more measures have been taken to reduce the frequency and magnitude of data breaches. However, as fast as companies can adapt to make themselves less vulnerable to cyber crimes, cyber criminals can adapt their techniques to find new vulnerabilities. Although security efforts have helped lessen the damage caused by each data breach, in Q1 of this year alone, 686 breaches have been reported already, exposing approximately 1.4 billion records.
While companies focus on thwarting cyber criminals, they sometimes overlook some of the other less sinister events that can also cause costly data breaches, such as:
1. Violation of Company Policy
In one such event, a violation of company policy by an employee from the University of Michigan’s Michigan Medicine resulted in the compromise of the sensitive information of approximately 870 patients. The employee’s laptop, which contained protected health information (PHI) for a number of patients, was stolen from the employee’s vehicle. The laptop was password protected but unencrypted, leaving the patient data vulnerable. Company policy prohibits the storage of PHI on a personal unencrypted laptop.
2. Clerical Error
In Wisconsin, a simple clerical error led the company Dean Health Plan to send more than 1,300 letters to the wrong addresses. The company intended to send out letters that notified patients of the location of their primary care clinic, but a data file that was incorrectly formatted caused the patient names to be matched with the wrong mailing addresses. According a statement from Dean Health Plan, the only PHI contained in the letters were the patients’ names and the name and location of their clinics.
3. Unauthorized Employee Email Access
One of the most common overlooked data breach causes is the unauthorized access of an employee’s email account. Whether through an employee error such as clicking on a phishing link, or through simple password cracking, the breach of an employee’s email account can give an unwanted party access to a large amount of sensitive data. Two of the largest healthcare data breaches in June were the result of unauthorized email access, compromising the PHI of a combined total of over 29,000 individuals.
Best Practices for Data Breach Safeguarding
As exhibited in the first example above, company policy alone is not enough to prevent a data breach from occurring. Businesses who regularly send, receive and store sensitive information should have safeguards in place to reduce the likelihood of human error and unauthorized email access-related data breaches.
Some examples include:
- Restricting access to work files from non-encrypted computers,
- Amulti-factor authentication system for accessing employee email accounts, and
- Using a HIPAA-compliant email system rather than tradition mail for sending information to patients.
In addition to reducing risks as much as possible through safeguards, companies should also have adequate cyber liability insurance, which can assist with the financial recovery of a data breach even if an employee is at fault.
About Connected Risk Solutions
At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. To learn more, contact us at (847) 832-9100.